Active Directory

RoleName: Arbitrary name for the AWS IAM role that group members will be able to use.

An example: AWS-123456789012-Researchers

Some groups like to name roles based on logical affiliation with the project (Researchers, ITSupport, Admins), while others prefer to grant access according to organizational units (NetworkEngineering, HelpDesk, ApplicationSupport). Either method is acceptable.

AD groups should be Security Groups with a Global context. At present, it's not possible to nest groups, so your AD group must be populated with people.

Once your group is in place, you can create the corresponding AWS role:

Amazon Web Services

Note: When your account is initially provisioned, this step will be handled by our AWS account management team.

From the AWS Console, navigate to IAM, then select Roles from the left-column menu.